At the end of last year, a survey revealed that the most popular password was still “123456”, followed by “password”. These highly hackable choices persist despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is

Traditional network security vulnerabilities are bad enough without adding SDN security issues to the mix. But, as organizations deploy SDN, they risk exposing their networks to new types of threats and attacks, especially if they don’t have proper plans in place. A prevalent concern with SDN security focuses on the SDN controller. The controller contains

Without any notable opposition to the Senate’s version of the bill, the House agreed to a reorganization of the Cybersecurity and Infrastructure Security Agency (CISA) Act earlier this week, according to FCW. Replacing the National Protection and Programs Directorate, the new agency will oversee the cybersecurity of federal computer systems and will be a government liaison

By Paul Ducklin. This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat Report, and squeezing Shakespeare into one tweet. Also, RIP James Lewis Pond, known to Mac users the world over as Pondini, whom we talked about in last week’s podcast but didn’t do justice to. With Anna Brading, Paul Ducklin and Mark

When the security industry characterizes the e-crime threat landscape, there is a temptation to focus on the everyday scams and high-volume aspect of the criminal threat landscape. These criminals are not particular about targets if there are financial rewards at the end. Obvious examples of these types of scams are the widely distributed malware aimed

Almost all young people recycle their passwords, often doing so across work and personal accounts. The prevalence of cybersecurity incidents and the concomitant growing concerns about any organization’s cybersecurity posture haven’t done much to discourage many employees from engaging in poor security habits, a survey has found. In some respects, employees’ cyber-hygiene is actually getting

Has Wikileaks founder Julian Assange officially been charged with any unspecified criminal offense in the United States? — YES. United States prosecutors have accidentally revealed the existence of criminal charges against Wikileaks founder Julian Assange in a recently unsealed court filing in an unrelated ongoing sex crime case in the Eastern District of Virginia. Assistant

Netflix and chill from afar? Facebook Messenger is now internally testing simultaneous co-viewing of videos. That means you and your favorite people could watch a synchronized video over group chat on your respective devices while discussing or joking about it. This “Watch Videos Together” feature could make you spend more time on Facebook Messenger while

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek

The Americas Partner Summit 2018 was held on Tuesday, October 16 at MPOWER Cybersecurity Summit. It was a day filled with McAfee and partner leadership coming together to collaborate on McAfee’s partner strategy, product portfolio, programs, and more. Here are some of the highlights: The Audience 338 partners 225 VAR, Disti, MSP, etc. 35 OEM

Despite the session’s name, “Two Points of View: Collaboration and Disclosure: Balancing Openness About Cyber Security with Managing Risk and Reputation,” panelists at today’s Infosecurity North America conference were actually in agreement about sharing threat intelligence. Moderated by Joseph Gittens, director, standards, Security Industry Association, the panelists explored the different channels by which information can and

Twice a year, an international contest called Pwn2Own – the Olympic Games of competitive hacking, if you like – gives the world’s top bug-hunters a chance to show off their skills. The word pwn, if you aren’t familiar with it already, is hacker jargon for “own”, as in “owning” someone’s computer – and, with it,

On October 4, 2018, a Bloomberg Businessweek article alleged that in 2015, manufacturers inserted microchips onto the motherboards of servers destined for U.S. public and government organizations to provide Chinese government-sponsored threat actors with unauthorized access. The story was immediately refuted in its entirety by the three companies named in the story: Apple, Amazon, and

Industry standard specification does not guarantee the safety of the self-encrypting drives despite verification. The need to encrypt data on devices has never been greater, especially with legislation such as the European Union’s General Data Protection Regulation (GDPR). Purchasing a self-encrypting drive (SED) that adheres to the industry standard, published as the Trusted Computing Group’s

We live in an age where data flows like water, becoming the new life source of our everyday ventures. As such, you can just imagine what all of that entails and the weight that data receives, especially when it comes to decision making on how to handle this fairly new and arguably invaluable resource.

A new startup called Italic says it’s already received more than 100,000 signups for a marketplace where you can buy handbags, eyewear and other luxury products directly from the manufacturers who work with the world’s best-known brands. The marketplace is officially launching today. Italic is also announcing that it’s raised $13 million in funding from

Salad startup and retailer Sweetgreen recently raised a $200 million Series H round led by Fidelity that valued the company at more than $1 billion. This round brings Sweetgreen’s total amount of funding to $365 million. With this additional $200 million in funding, Sweetgreen is setting its eyes on other food categories and looking to

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need

French President Emmanuel Macron introduced the Paris Call for Trust and Security in Cyberspace and initially received support from 50 countries, 150 companies and about 170 other organizations — but not from the U.S., China or Russia. The international cybercrime agreement was put forward as part of Paris Digital Week at the UNESCO Internet Governance

Whether it’s a question of to whom the CISO reports or quantifying what the CISO is actually responsible for, the role has changed over time, leaving many wondering how to balance the competing demands of IT, security, innovation and compliance. In the final panel that closed out the second annual Infosecurity North America conference in

By John E Dunn. Cybercriminals have returned to old-school manual hacking tactics to boost the efficiency of targeted extortion, according to research conducted for the SophosLabs 2019 Threat Report. Ransomware attacks are nothing new, but well known examples like CryptoLocker or WannaCry have tended to be opportunistic and indiscriminate. To penetrate their targets they rely on

How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers. You need to stick to Google Play for apps and run as recent a version of Android as possible if

Disclosed earlier this year, the potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proved that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1, Spectre 1.2, TLBleed, Lazy

Black Friday Sales! Hurry! https://securgadget.com/discount/SECURGADGET30 About www.SecurGadget.com: Security today is an integral part of the well-being of our family, friends and colleagues. To protect ourselves, our homes, cars and offices are usually equipped with some form of physical detection or intrusion systems. This has given rise to the demand for security gadgets. In turn, more

The shock news yesterday that Google is taking over a health app rolled out to UK hospitals over the past few years by its AI division, DeepMind, has caught the eye of the country’s data protection watchdog — which said today that it’s monitoring developments. An ICO spokesperson told us: “An ICO investigation and an

With just days until Black Friday, the unofficial kickoff to the holiday shopping season is quickly approaching. In anticipation of the busiest time of year for e-commerce, this year we conducted a survey, Stressed Holiday Online Shopping, to understand how financial pressure can impact buyer behavior when it comes to online purchasing and cybersecurity.

Nordstrom is the latest victim in a long line of data breaches suffered across the retail sector, according to The Seattle Times. The Seattle-based retailer suffered a data breach in which a wide range of personal information was exposed. In addition to disclosing employee names, their Social Security numbers and dates of birth, checking account and

By Paul Ducklin. Conspiracy theorists can stand down from puce alert! A network outage that affected US providers including Google and Cloudflare on Monday, intermittently diverting traffic via China… has been chalked up to a blunder. Here’s why. Internet traffic depends heavily on a system called BGP, short for Border Gateway Protocol, which ISPs use

The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes. Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the

Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk. Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way the Facebook search feature displays results